Risk assessment is challenging when data is unavailable, hard to obtain, or costly to process. Organizations often request estimates from experts instead. This talk demonstrates how to integrate cybersecurity data with expert estimates using Bayesian modeling in PyMC.
Cybersecurity analysts, resource managers, and executives can use Bayesian models to perform risk assessments, select security controls, and prioritize which suspicious events to investigate first. System administrators can configure autonomous sources of data including vulnerability scanners and cybersecurity event monitoring systems to automatically update these hybrid network models alongside inputs from risk analysts and executives.
About the speaker:
Corey Neskey (Hive Systems)
Corey is Vice President of quantitative risk at Hive Systems, where he develops Derive, a powerful risk modeling and cybersecurity inference platform. His work combines expert knowledge elicitation methods with PyMC and Bayesian network models to solve problems in cybersecurity risk quantification and inform executive decision-making. Corey holds a MSc in cybersecurity intelligence and forensics, a CISSP, and undergraduate degrees in science and philosophy. Prior to joining Hive Systems, he worked at RSA, EMC, Dell SecureWorks, Bloomberg L.P, and NYU.